<?php

define( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

dvwaPageStartup( array( 'authenticated', 'phpids' ) );

$page = dvwaPageNewGrab();
$page[ 'title' ]   = 'Vulnerability: Brute Force' . $page[ 'title_separator' ].$page[ 'title' ];
$page[ 'page_id' ] = 'brute';
$page[ 'help_button' ]   = 'brute';
$page[ 'source_button' ] = 'brute';
dvwaDatabaseConnect();

$method            = 'GET';
$vulnerabilityFile = '';
switch( $_COOKIE[ 'security' ] ) {
	case 'low':
		$vulnerabilityFile = 'low.php';
		break;
	case 'medium':
		$vulnerabilityFile = 'medium.php';
		break;
	case 'high':
		$vulnerabilityFile = 'high.php';
		break;
	default:
		$vulnerabilityFile = 'impossible.php';
		$method = 'POST';
		break;
}

require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/brute/source/{$vulnerabilityFile}";

$page[ 'body' ] .= "
<div class=\"body_padded\">
	<h1>暴力破解 <a href='burpsuite://'>打开burp suite软件</a></h1>

	<div class=\"vulnerable_code_area\">
		<h2>登录</h2>

		<form action=\"#\" method=\"{$method}\">
			用户:<br />
			<input type=\"text\" name=\"username\"><br />
			密码:<br />
			<input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password\"><br />
			<br />
			<input type=\"submit\" value=\"Login\" name=\"Login\">\n";

if( $vulnerabilityFile == 'high.php' || $vulnerabilityFile == 'impossible.php' )
	$page[ 'body' ] .= "			" . tokenField();

$page[ 'body' ] .= "
		</form>
		{$html}
	</div>

	<h2>更多操作</h2>
	<ul>
	<li>" . dvwaExternalLinkUrlGet( '#', '教程视频' ) . "
	<div>
		<video style='width: 100%;' controls='' autoplay='false' name='media'>
			<source src='../../mp4/brutesuite.mp4' type='video/mp4'>
		</video>
	</div>
	</li>
	<li>" . dvwaExternalLinkUrlGet( '../../html/brutesuite.html', '教程文档' ) . "
	</li>
	<li>" . dvwaExternalLinkUrlGet( 'https://baidu.com', '百度一下' ) . "</li>
	</ul>
</div>\n";

dvwaHtmlEcho( $page );

?>
